Hi all, I’m looking at a couple of time keeping apps and wanted to get more information outside of the app developers themselves as to what level of access can integrations have to my Asana data? If a time keeping app for instance requires access to task level data, is this by design/default limited only to the user using the integration/or whom it is installed for, or are there any backdoors the integration can use to access other users’ data within the organization? Please be patient I’m quite new to Asana, and thanks in advance!
The integration will have access to everything the person who installed it has access to. And this is both for reading and writing.
Thanks for the quick reply Bastien, and nice to meet you!
Could you confirm then that this would mean that the integration developer/provider potentially could read and write with the same access privileges afforded to the user who installed the integration? There’s no presumed data mining or bad behavior on my end, I just need to make some security calculations on whether it meets our security policies to have another party other than Asana potentially have access to our data at the same access privilege level as the user seeking to utilize the integration. Thanks in advance! Shilpi
100%. Asana does not (yet) have fine-grained permissions like Google or Facebook. You can’t give permissions to “read tasks” you always give “permission to read and write everything I have access to”
Thanks for clarifying that, huge help and have an awesome day! Shilpi
This topic was automatically closed after 7 days. New replies are no longer allowed.